Under maintenance

Heretto Help

Show Page Sections

July 2026

New versions of Heretto products are here! Read on to learn what's new. 🚀

Heretto product versions released this month:

  • Heretto CCMS 26.07.02

  • Heretto Deploy API 26.07.02

  • Heretto Portal 26.07.02

July 2, 2026

New versions of Heretto CCMS, Deploy API, and Portal are coming your way!

Heretto CCMS 26.07.02

  • Fixed. We resolved an issue where editing locales could lead to CCMS instability. This happened when the locale editor read a document for validation while it was still being written to, leaving it in an inconsistent state that caused validation to loop and memory usage to climb. This was more likely with very large files containing numerous tables, where writing and validating the document took longer and increased the chance of the two processes overlapping. We've corrected the timing issue so a document is no longer validated while still being written to, and added cycle protection to the validator so it can detect and stop this kind of looping before it exhausts memory.

Heretto Deploy API 26.07.02

  • Added. Deploy API responses now include the HTTP Strict-Transport-Security header, set to a max-age of 12 months with the includeSubDomains and preload directives. This ensures browsers automatically upgrade requests to the Deploy API to HTTPS, consistent with the same header already present in portal responses.

  • Fixed. We fixed an issue in the Get content and metadata for a page endpoint where the top-level type property and the type property in breadcrumbs entries could report incorrect values. In some cases, the item's own type showed the type of its parent instead of itself, and in some cases, an ancestor's type in breadcrumbs was missing entirely. This affected both active sync and manual deployment portal environments. Now, both properties correctly reflect the type of the content item they describe, including sitesections, versions, topicrefs, topicheads, and OpenAPI tags and pages.

Heretto Portal 26.07.02

  • Added. Members of a content team with access to more than one portal audience can now preview a Heretto Portal v6 site as each of those audiences would see it, making it easier to confirm that access-restricted content is scoped correctly. This capability is configurable separately for each environment and is off by default. The selector can be populated either with the audiences returned by the identity provider at login or with a default set of audiences configured for that environment. The selected audience persists as the user moves between pages. When a different audience is selected, the portal shows all content associated with that audience, including content shared across audiences.

  • Added. Heretto Portal v6 sites can now show an introductory section directly below the hero section, on both the home page and section pages (the pages that show tiles). On the home page, the introductory section shows a heading and description that are set in config.json. On section pages, it automatically shows the title and short description added in the sitesection element. The introductory section is off by default and can be turned on separately for the home page and for section pages.

  • Added. Homepage tiles in Heretto Portal v6 can now show a More link when a sitesection element has more child sitesections than the tile can show links for. The link takes users to the parent section page, where they can see everything it contains. The link is off by default and can be turned on in config.json, where a limit can also be set for how many links a tile shows before the More link appears.

  • Fixed. We fixed a behavior in Heretto Portal v6 involving the authRequired setting, which redirects unauthenticated users directly to the sign-in page and blocks access to content until they log in. With two or more identity providers configured, enabling authRequired caused the portal to redirect automatically to the first configured identity provider instead of letting users choose which one to use. The portal now shows the sign-in page in this case as well, letting users select which identity provider to use.

    Note:

    Configuring multiple identity providers is done entirely in config.json and takes effect without a portal restart. The authRequired setting also lives in config.json, but changing it requires restarting the portal, which the Heretto team must assist with.

  • Fixed. We fixed an issue in Heretto Portal v6 that affected how breadcrumbs were shown in search results for pages with API specifications published with Heretto API Docs. Breadcrumbs weren't present in portal environments published with manual deployments and were shown partially in portal environments published with active sync deployments. Now, search results show the full breadcrumb path for API Docs pages in both deployment types. To learn how to publish API specifications to Heretto Portal, see Heretto Portal API Docs.

  • Fixed. We fixed a Heretto Portal v6 issue in versioned content where using breadcrumbs to navigate to a page could incorrectly open the related section page (the page that shows tiles) instead of going directly to the content page. Breadcrumbs for versioned content now default to opening the content page directly, matching the default behavior when the outputclass attribute on the sitesection or topichead element is set to view-toc. Versioned content still opens to its section page if that outputclass attribute is set to view-tiles.

  • Fixed. We fixed a behavior in Heretto Portal v6 where active sync portal environments could show a 404 error page for topics referenced by a topicref with toc="no". This was a side effect of a recent improvement to how active sync portal environments handle content structure. It only affected active sync portal environments, not manual deployment portal environments. Such topics now show their content correctly in both types of portal environments.

  • Enhanced. The Strict-Transport-Security header returned by Heretto Portal v6 now includes the preload directive, in addition to the existing max-age and includeSubDomains directives. This enables sites that meet the preload requirements to be included in browser HSTS preload lists, providing stronger protection against protocol downgrade and cookie hijacking attacks.

July 1, 2026

We introduced a new metadata type, extracted metadata, now available in Beta.

Heretto CCMS

  • Announcement. We've released a new metadata type called extracted metadata (Beta), which lets you bring information that already exists inside your DITA files into reports for content analysis and insight.

    Extracted metadata is currently used only for reporting purposes, though additional use cases may be supported in future releases. Its values are extracted from the content and semantics of your DITA files using custom XPath expressions. Extracted metadata is not included in files or in Heretto Deploy API or Heretto Portal outputs. Instead, it is stored in a CCMS database and made available in these Insights (Beta) reports: Content Report and Localization Report.

    For details on metadata available in the CCMS, including extracted metadata, see Metadata Governance in Heretto CCMS. For extracted metadata configurations, see Extracted Metadata Configurations.

    Note:

    This feature is currently in Beta and available to a limited group of customers. General availability for all Heretto customers will follow the conclusion of the Beta phase. Full rollout dates will be shared when available.